The Coast Guard and Department of Homeland Security are working to raise awareness about the dangers of a physical or digital attack from within the workforce during September, National Insider Threat Awareness Month.
Data breaches, malicious modification of code, accessing files outside a designated clearance level, or personal problems outside of work that could make an employee susceptible to criminal influence are insider threats.
Have you ever had a person ask you a lot of questions, and suddenly, your intuition kicks into overdrive? Maybe the questions don’t relate to that person’s line of work, or the questions are highly personal or very specific to the Service. Or if one of your co-workers starts acting differently – these are moments to flag for a number of different reasons.
The Coast Guard continues to counter insider threats, and has developed proactive strategies that deter, detect and mitigate insider threats.
“Imagine an insider threat as a person or ‘bad guy’ that is taking something that isn’t theirs,” said John Goodwill, Headquarters Coordinator, Insider Threat Division for U.S. Coast Guard Headquarters. No insider threat program is complete without the help of the workforce – they are the eyes and ears, the first line of defense
So how does the term “bad guy” fit in when it comes to insider threats? An insider threat is anyone with authorized access to the information or things an organization values most, and who uses that access, either wittingly or unwittingly, to inflict harm on the Coast Guard, DHS, or national security. When an insider becomes a threat, it can have far-reaching consequences on an organization and national security.
Insiders can and will go after any information they can to inflict damage. Motivations vary with some doing it for money for example or just because they might have issues with an individual or the organization they work for. Insiders have also done this to support other countries in the past, like Ana Montes, former DIA Senior analyst who spied for Cuba. However, threats of violence against co-workers or against the population in general have increased throughout the years.
The concept of an insider threat is nothing new in the world we live in present day. We can venture back all the way to 1951 before the advent of cybercrimes and attacks, when retired Army Gen. Douglas MacArthur is quoted in an article for TIME Magazine saying, “I am concerned for the security of our great nation; not so much because of any threat from without, but because of the insidious forces working from within.” If anything, the insider threat has seasoned and flourished with technology evolving the present day.
“Most insider threats have now moved beyond a potential risk that we hear about mentioned in annual mandated training, for example,” said Goodwill. “We now live in a reality where threats are a very real reality and we have to take an approach to be vigilant to prevent these threats.”
The ability to deter, detect and mitigate are ways to stop insider threats. First, we should seek to deter or prevent the beginning of a threat. This begins with being aware of what to look for and remaining vigilant. The best practice is to recognize and report indicators that an insider threat might display and report things that seem out of the ordinary.
A major obstacle that deters people from reporting is the idea that they are snitching on a shipmate. Yet reporting ensures everyone’s security and preserves the resources and capabilities of the Coast Guard.
The Coast Guard insider threat mission includes getting help for those in the workforce who need help. You can anonymously report and alert the Coast Guard Insider Threat Team on the Coast Guard Portal (accessible with a CAC).
Do you want MyCG news sent directly to your inbox? Subscribe here.